National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 27,394 matching records.
Displaying matches 25781 through 25800.
Vuln ID Summary CVSS Severity
CVE-2002-2362

Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2363

VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-2364

Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2365

Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-2366

Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2002-2367

Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.8 HIGH
CVE-2002-2368

Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Connection function in proxy.c for the SOCKS4 module.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-2369

Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2370

SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause a denial of service (crash) via a URL request that does not end with a newline.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2371

Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.8 HIGH
CVE-2002-2372

The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2373

The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-2375

Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2002-2376

Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2377

Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2378

Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2002-2379

** DISPUTED ** Cisco AS5350 IOS 12.2(11)T with access control lists (ACLs) applied and possibly with ssh running allows remote attackers to cause a denial of service (crash) via a port scan, possibly due to an ssh bug. NOTE: this issue could not be reproduced by the vendor.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.8 HIGH
CVE-2002-2380

NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2002-2381

Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to casue a denial of service and possibly execute arbitrary code.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-2382

cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out.

Published: December 31, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH